A German security researcher, Thomas Skora, has exposed a vulnerability in Android that allows reading of contactless credit card data in NFC enabled smartphones. This exploit could allow criminals to steal credit card info via NFC chips.
Skora managed to create an app for testing purpose and uploaded it to the Google Play Store. The application was able to read credit card information like card number, issue and expiry date and bank code from German PayPass MasterCard and GledKarte. Google lived up to its reputation and removed the app from the Play Store as soon as they learned about it.
The application's source code has been released so that other developers can work publicly on it and get the vulnerability fixed as soon as possible. The SmartCard Alliance is also currently working on it, and though they confirmed that the app has the ability to initiate a fraudulent transaction, luckily no such cases have been reported yet.
You can learn more about this issue from Android.gs website.
Saurav Modak
Saurav Modak is an engineering student and FOSS enthusiast who believes that best things in the world, such as software should be free (as in freedom). He is a hard core Arch fan and loves to show off his customized Arch Linux installation to friends. You can connect with Saurav on Facebook, Google+ and Twitter.
